
ISO/IEC TS 27570 — Privacy protection — Privacy guidelines for smart cities [DRAFT]


‘Smart cities’ are emerging from the confluence of public wireless networks, mobile/portable devices, the Internet of Things (both industrial and consumer), automation, cloud computing, smart devices with advanced automation and artificial intelligence/machine learning, big data and more. As disparate ICT systems increasingly and dynamically communicate within our cities, both opportunities and risks are opening up for individuals and for the commercial and governmental agencies providing various services (such as communications, energy, transportation, healthcare and law enforcement).


Scope of the standard

Although the [draft] guideline briefly mentions the information security aspects of smart cities and other aspects such as safety and resilience, the guideline specifically concerns privacy.

Rhetorical questions include:

  • To what extent is it appropriate for individuals to be identified, tracked and monitored through their ICT devices and digital interactions as they go about their business in the city?
  • Since privacy requirements and expectations vary between the authorities, businesses and individuals, how should those tensions be managed?
  • Even though the collection, processing and disclosure of personal data may be restricted on privacy grounds, what (if anything) can/should be done to restrict correlation and inference being used as large quantities of information become available for sharing and analysis?
  • Is it even feasible to support (an appropriate degree of) anonymity if individuals so desire, without excluding them and denying them the advantages of interaction between smart devices?

There are social/societal aspects to this, as well as the technological and personal.

Given the rapid pace of change in this area, the guideline cannot fully address all the issues at this time but instead seeks to establish a reference (conceptual) framework as a basis for the development of future standards.


Content of the standard

The guideline will provide conceptual diagrams and explanations, emphasizing other applicable standards.



The standard (a ‘Technical Specification’) is due to be published at the end of 2020.

It is currently at 2nd draft stage.


Personal notes

This is a visionary, conceptual, creative standard: the issues it covers are barely even recognised as such at this point, at least not outside the specialism. Better to influence the thinking and direction on privacy, governance and related matters now than to complain about constraints later on when it may be too late to achieve fundamental change. If only the committee had taken such a proactive stance on IoT security way back when it was in its infancy!



Copyright © 2020 IsecT Ltd.